Export limit exceeded: 335249 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (335249 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-6135 | 2 Zephyrproject, Zephyrproject-rtos | 2 Zephyr, Zephyr | 2024-09-19 | 7.6 High |
| BT:Classic: Multiple missing buf length checks | ||||
| CVE-2024-40754 | 1 Samsung Open Source | 1 Escargot | 2024-09-18 | 9.8 Critical |
| Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Overflow Buffers.This issue affects Escargot: 4.0.0. | ||||
| CVE-2021-38133 | 1 Microfocus | 1 Edirectory | 2024-09-18 | 7.4 High |
| Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This impact all version before 9.2.6.0000. | ||||
| CVE-2021-38132 | 2 Microfocus, Opentext | 2 Edirectory, Edirectory | 2024-09-18 | 5.3 Medium |
| Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This impact all version before 9.2.6.0000. | ||||
| CVE-2021-38131 | 1 Microfocus | 1 Edirectory | 2024-09-18 | 5.4 Medium |
| Possible Cross-Site Scripting (XSS) Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.5.0000. | ||||
| CVE-2024-8750 | 1 I-doit | 1 I-doit | 2024-09-18 | 5.4 Medium |
| Cross-site Scripting (XSS) vulnerability in idoit pro version 28. This vulnerability allows an attacker to retrieve session details of an authenticated user due to lack of proper sanitization of the following parameters (id,lang,mNavID,name,pID,treeNode,type,view). | ||||
| CVE-2024-34334 | 1 Ordat | 2 Foss-online, Ordat.erp | 2024-09-18 | 9.3 Critical |
| ORDAT FOSS-Online before v2.24.01 was discovered to contain a SQL injection vulnerability via the forgot password function. | ||||
| CVE-2024-34335 | 1 Ordat | 2 Foss-online, Ordat.erp | 2024-09-18 | 6.1 Medium |
| ORDAT FOSS-Online before version 2.24.01 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login page. | ||||
| CVE-2024-34336 | 1 Ordat | 2 Foss-online, Ordat.erp | 2024-09-18 | 5.3 Medium |
| User enumeration vulnerability in ORDAT FOSS-Online before v2.24.01 allows attackers to determine if an account exists in the application by comparing the server responses of the forgot password functionality. | ||||
| CVE-2024-45181 | 2 Microsoft, Wibu | 2 Windows, Wibukey | 2024-09-18 | 8.8 High |
| An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey before v6.70 and fixed in v.6.70. An improper bounds check allows crafted packets to cause an arbitrary address write, resulting in kernel memory corruption. | ||||
| CVE-2024-45303 | 1 Discourse | 1 Calendar | 2024-09-18 | 6.1 Medium |
| Discourse Calendar plugin adds the ability to create a dynamic calendar in the first post of a topic to Discourse. Rendering event names can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse’s default Content Security Policy. The issue is patched in version 0.5 of the Discourse Calendar plugin. | ||||
| CVE-2024-8646 | 1 Eclipse | 1 Glassfish | 2024-09-18 | 6.1 Medium |
| In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed. This vulnerability is caused by the vulnerability (CVE-2023-41080) in the Apache code included in GlassFish. This vulnerability only affects applications that are explicitly deployed to the root context ('/'). | ||||
| CVE-2024-45786 | 1 Reedos | 1 Aim-star | 2024-09-18 | 6.5 Medium |
| This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper access controls on its certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API request URL which could lead to gain unauthorized access to sensitive information belonging to other users. | ||||
| CVE-2024-45788 | 1 Reedos | 1 Aim-star | 2024-09-18 | 7.5 High |
| This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoints which could lead to the OTP bombing/flooding on the targeted system. | ||||
| CVE-2024-45789 | 1 Reedos | 1 Aim-star | 2024-09-18 | 4.3 Medium |
| This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper validation of the ‘mode’ parameter in the API endpoint used during the registration process. An authenticated remote attacker could exploit this vulnerability by manipulating parameter in the API request body on the vulnerable application. Successful exploitation of this vulnerability could allow the attacker to bypass certain constraints in the registration process leading to creation of multiple accounts. | ||||
| CVE-2024-8306 | 1 Schneider-electric | 2 Vijeo Designer, Vijeo Designer Embedded In Ecostruxure Machine Expert | 2024-09-18 | 7.8 High |
| CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized access, loss of confidentiality, integrity and availability of the workstation when non-admin authenticated user tries to perform privilege escalation by tampering with the binaries. | ||||
| CVE-2024-21871 | 1 Intel | 153 Celeron G3900 Firmware, Celeron G3900te Firmware, Core I3-6100 Firmware and 150 more | 2024-09-18 | 7.5 High |
| Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-38483 | 1 Dell | 83 Embedded Box Pc 5000, Embedded Box Pc 5000 Firmware, Latitude 12 Rugged Extreme 7214 and 80 more | 2024-09-18 | 5.8 Medium |
| Dell BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | ||||
| CVE-2024-39378 | 3 Adobe, Apple, Microsoft | 3 Audition, Mac Os X, Windows | 2024-09-18 | 7.8 High |
| Audition versions 24.4.1, 23.6.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-41868 | 3 Adobe, Apple, Microsoft | 3 Audition, Mac Os X, Windows | 2024-09-18 | 5.5 Medium |
| Audition versions 24.4.1, 23.6.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||